# Install dependencies, set up firewall.
config_tree_prefix="${HOME}/config/buster"
./install_for_target.sh pleroma
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" pleroma
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
nft -f /etc/nftables.conf
# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
-# Prepare user and system info.
+# Prepare user.
adduser --system --shell /bin/false --home /opt/pleroma pleroma
-export FLAVOUR='amd64'
# Download and unzip latest stable release, set up Pleroma dirs.
+export FLAVOUR='amd64'
su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
chown -R pleroma /etc/pleroma
# Configure and set up DB.
-su pleroma -s $SHELL -lc './bin/pleroma_ctl instance gen '\
- '--output /etc/pleroma/config.exs' \
- '--output-psql /tmp/setup_db.psql' \
- "--domain ${domain}" \
- '--instance-name plom-roma' \
- "--admin-email ${mail}" \
- "--notify-email ${mail}" \
- '--dbhost localhost' \
- '--dbname pleroma' \
- '--dbuser pleroma' \
- "--dbpass $(pwgen -s 100 1)" \
- '--rum N' \
- '--indexable N' \
- '--uploads-dir /var/lib/pleroma/uploads' \
- '--static-dir /var/lib/pleroma/static' \
- '--listen-ip 127.0.0.1' \
- '--listen-port 4000'
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
+--output /etc/pleroma/config.exs \
+--output-psql /tmp/setup_db.psql \
+--domain ${domain} \
+--instance-name plom-roma \
+--admin-email ${mail} \
+--notify-email ${mail} \
+--dbhost localhost \
+--dbname pleroma \
+--dbuser pleroma \
+--rum N \
+--indexable N \
+--uploads-dir /var/lib/pleroma/uploads \
+--static-dir /var/lib/pleroma/static \
+--listen-ip 127.0.0.1 \
+--listen-port 4000 \
+--dbpass $(pwgen -s 100 1)"
su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
+# Since the OTP release does not support .secret.exs configuration
+# files, we hack our own alternative by simply appending custom
+# configurations to /etc/config.exs.
+cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
+
+# Single-pixel picture hack for removing Pleroma FE images.
+cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
+chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
+
+# Info panel and TOS.
+mkdir -p /var/lib/pleroma/static/instance
+mkdir -p /var/lib/pleroma/static/static
+cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
+cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
+
# Prepare NGINX config for Pleroma.
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-rm /etc/nginx/sites-enabled/default
# Systemd integration.
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
projects / config / blobdiff